By accepting this Privacy Policy, you expressly consent to our use of your personal data for the purposes and under the conditions set out in this document.

This Privacy Policy applies to Personal Data we collect, when you access or use Timișoara City App and the website located at https://timisoara.eventya.eu, which are made available by Eventya Co SRL.

Eventya Co SRL collects, processes and stores personal data in the EU, being able to demonstrate at all times compliance with European Union law and the principles set out in this document.

All personal data processing activities carried out by Eventya Co SRL are in line with the provisions of Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Directive).

Terms and definitions

1. ”Personal Data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

2. ”Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

3. ”Consent” means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her

4. ”Controller” is Eventya Co SRL, supplier of Timișoara City App and the website located at https://timisoara.eventya.eu, which processes personal data in the EU, according to the legislation and the present policy

5. ”User” means individual, with the minimum age of 16 (or the legal minimum age at which someone can join an online service without the controller having to obtain parental consent), which expresses its consent to the use of the Application under the operator’s policies and whether or not it is authenticated in the Application by creating a profile

6. ”Supervisory Authority” means an independent public authority which is established by a Member State according to Regulation (EU) 2016/679

7. ”Timișoara City App”, hereinafter referred to as the Application, means the mobile application available for iOS and Android operating systems, owned by the Eventya Co SRL and running on the Eventya Publishing Platform

8. ”Eventya Publishing Platform”, hereinafter referred to as the Platform, means an integrated system, consisting of a suite of web-based software applications and mobile applications that are subject to copyright law, being registered in the National Register of Computer Programs according to the certificate series 799029BM no. 09135

Principles

The Privacy Policy is based on the following principles:

Personal data is processed lawfully, fairly and in a transparent manner in relation to the data subject.

Personal data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.

Personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.

Personal data is accurate and, where necessary, kept up to date.

Personal data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

Personal data is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

Who is responsible for processing personal data?

The responsibility for the processing of personal data rests with the application’s provider. It decides what data is processed, for what purpose and how this processing takes place.

The owner of the Platform on which the application is running, may be responsible for the processing of personal data in those cases where it acts to perform the obligations set forth in the contract.

The owner of the Eventya Publishing Platform is EVENTYA CO SRL, a company with Romanian private capital, based in Sura Mare, 18 Florilor Street, Sibiu County, registered with the Trade Registry Office attached to the Sibiu Court with the number J32/408/2013, Unique Registration Code: RO31611012.

Personal data is processed with the express and unambiguous consent of the Application’s user, in accordance with the provisions of the legislation in force and under the terms of this policy.

It may be the basis for processing: a contract, a user’s request before entering into a contract, the need to comply with a legal obligation, the legitimate interest of the operator or of a third party, the need to protect the vital interests of the user or other individual, fulfilling a task that serves a public interest.

What data do we collect and for what purpose?

We collect personal data from both users who sign in to their accounts in mobile apps as well as those who access the apps non-authenticated.

In the case of authentication, we collect the following personal data:

first and last name - used to create the user account, visible in the Application;

photo - the profile picture is automatically taken from the social profile when the user logs into the Application with his/hers Facebook or Google Account. Once authenticated, regardless of the authentication method, the user can add or change the profile picture;

email address - is automatically collected from your Facebook or Google account, when the user logs in through Social Media. It can be manually entered by the user when logging in with email and password. A user's email address is not visible anywhere in the Application, being used only for authentication;

information about the device of the user (operating system, type of smartphone (model), the network he uses, GPS location (optionally, if it has given its consent in the Application), this information being used for statistical purposes only;

phone number - is required only for the use of the Incident Reporting Module within the Application. The phone number is not made public but is used to validate the person once when he first sends the referral. The phone number of the person making the referral is public only for City Hall employees who receive the referrals to contact him by telephone, if that’s the case.

For unauthenticated users, the following data is collected:

information about the device of the user (operating system, type of smartphone (model), the network he uses, GPS location (optionally, if it has given its consent in the Application), this information being used for statistical purposes only;

In addition to the personal data we referred to above, we obtain data from the analysis of how our services are used, as follows:

information about the device of the user (operating system, type of smartphone (model), the network he uses, GPS location (optionally, if it has given its consent in the Application), this information being used for statistical purposes only;

data collected in Google Analytics, used for statistical purposes to determine patterns in user behavior;

data obtained by using the "REMINDER" function at events is stored for statistical purposes to make charts with popular events;

data obtained by creating collections with locations and events are stored for statistical purposes to determine popular locations or events.

What data do we collect for creating profile in the Application and what do we make public?

When creating a user profile in the Application, the following personal data is required:

First and last name;

Email address;

Profile picture (when logging in through one of two social platforms: Facebook or Google).

In the user account, which is public in the Application, we publicly display the following information:

First and last name;

Profile picture

What is the purpose for which personal data is processed?

We process personal data for:

user validation, by sending a confirmation SMS when using the incident reporting module to the city halls;

geolocation, in the case of the user who accepted the availability of his/hers GPS location to view / order different locations on the map or list, depending on its distance from them. In the lists of locations we display the distance in kilometers from the user's location to the point of interest.

When using the Incident Reporting Module to the City Hall, the purpose of the GPS location processing is to automatically determine the location of the reported incident on the map.

push notifications - users can receive push notifications in the following situations:

when they “follow” a location or an event organizer in the Application. In this case, they are notified when that entity publishes an event or new offer;

when they click on “Going” to an event, they will be notified based on the reminder that they set in the Application or local calendar;

when they “follow” other users from the Application, about their activity in the Application;

when another user of the Platform “follows” you in the Application, you’ll be notified;

general push notifications sent by content managers / publishers of the Application. When installing the Application, you can choose to receive or not these general notifications.

weekly newsletter, for which the users can subscribe to in the:

application (from the list of events, a webpage is opened where the user is asked for his name, surname and email. These data reaches the list of Mailchimp subscribers, who will receive a weekly newsletter);

public website (in the website’s footer there is a newsletter subscription form. The user has to fill in his first name, last name and email. These data reaches the list of Mailchimp subscribers, who will receive a weekly newsletter);

statistics and reports - the Application users’ data are processed:

with Google Analytics, generating automated marketing statistics in order to better promote the Application;

to generate customized marketing reports that are made and sent by the Platform’s owner.

In both situations, the marketing statistics remain anonymous and are not made public.

manually, when creating a new user account through email and password, including name, surname, email; the photo can be added later - optional. The user’s phone number is added when using the Incident Reporting Module, for additional validation.

The Regulation gives the user a series of rights, which we briefly present in the following:

1. right to information and access to personal data, by virtue of which the user can obtain from us a confirmation as to whether or not personal data are being processed, and, where that is the case, access to the personal data and the information about the methods and the purposes of processing;

2. right to rectification of personal data that can be invoked in order to obtain without undue delay the rectification of inaccurate personal data or completing of incomplete personal data;

3. right to erasure (‘right to be forgotten’) by virtue of which the user can obtain the erasure of personal data without undue delay where one of the following grounds applies:

i.the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

ii.the user withdraws consent on which the processing is based and there is no other legal ground for the processing;

iii.the user objects to the processing and there are no overriding legitimate grounds for the processing;

iv.the personal data have been unlawfully processed;

v.the personal data have to be erased for compliance with a legal obligation;

vi.the personal data have been collected in relation to the offer of information society services.

4. right to restriction of processing where one of the following applies:

i.the accuracy of the personal data is contested by the data subject, for a period enabling us to verify the accuracy of the personal data;

ii.the processing is unlawful and the user opposes the erasure of the personal data and requests the restriction of their use instead;

iii.we no longer need the personal data for the purposes of the processing, but they are required by the user for the establishment, exercise or defence of legal claims;

iv.the user has objected to processing pending the verification whether the legitimate grounds of the controller override those of the user.

5. right to object, by virtue of which the user can object, on grounds relating to his or her particular situation, at any time to processing of personal data, including profiling, where:

the processing is necessary for the performance of a task carried out in the public interest; or

the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party.

The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, the user shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

6. right to data portability that gives permission to a user to receive the personal data concerning him or her, which he or she has provided to us, in a structured, commonly used and machine-readable format and to transmit those data to another controller, where the processing is based on consent or on a contract and the processing is carried out by automated means.

By virtue of this right, personal data concerning the user can be transmitted directly from one controller to another, where technically feasible.

Change of the Privacy Policy

This Privacy Policy may be updated as a result of relevant changes in the legislation or changes in the Platform's structure and functions.

If changes to the Privacy Policy are made, users will be notified via e-mail, mobile app notifications, or through the website before the changes take effect.

We encourage users to check this page periodically to keep up-to-date on our privacy practices.

How can you contact us?

For questions about processing your personal data, you can contact Eventya Co SRL through email contact@eventya.net.

If you wish to make complaints about the processing of your personal data, you can write to the same address, and we will respond within the legal term of correspondence in accordance with our internal policies and procedures.

In the unlikely event that you believe your rights to the processing of personal data have been violated and Eventya Co SRL did not treat the complaint properly, you can address a Supervisory Authority for Personal Data Processing.